As you may know, a new zero-day software vulnerability called Log4j (CVE-2021-44228) was recently uncovered. Log4j is an open-source Java logging library widely used by a range of software applications and services around the world. The bug can allow attackers to take control of vulnerable Internet-based software remotely.
After a comprehensive review, SimpleLTC can confirm that our software systems are not impacted by the Log4j exploit, and none of our third-party integrations have exposed us to negative impacts of the log4j vulnerability.
In addition, we have reached out to CMS, which has confirmed through the QTSO help desk that their jTools (e.g., jRaven) are not impacted by the vulnerability.
We’re aware that some users of SimplePBJ™ have been impacted by a ransomware attack against Kronos, which likely exploited the log4j vulnerability. This may mean that Kronos customers have limited or no access to their timekeeping and/or payroll data for an extended period. We will work diligently with any of our clients who are affected to help them submit accurate and complete PBJ data for the next quarterly deadline (Feb. 14).
We’ll continue to monitor the situation as it unfolds. If you have any immediate concerns, please reach out to our Support Team.